Node-to-node encryption protects data transferred between nodes in a cluster using SSL (Secure Sockets Layer). For information about generating SSL certificates, see Preparing server certificates.
SSL settings for node-to-node encryption
To enable node-to-node SSL, you must set the encryption options in the cassandra.yaml file.
On each node, under encryption_options:
- Set internode_encryption to one of the options described below.
- Set the appropriate paths to your .keystore and .truststore files.
- Provide the required passwords. The passwords must match the passwords used when generating the keystore and truststore.
- To enable peer certificate authentication, set require_client_auth to true.
The available inter-node options are:
- dc - Cassandra encrypts the traffic between the data centers.
- rack - Cassandra encrypts the traffic between the racks.
    encryption_options:
        internode_encryption: internode_option
        keystore: resources/dse/conf/.keystore
        keystore_password: keystore password
        truststore: resources/dse/conf/.truststore
        truststore_password: truststore password
        require_client_auth: true or false
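To confirm that every node actually carries the settings described above, the following added example (not DataStax code) audits the encryption_options block of a cassandra.yaml file. The function names, the minimal block reader and the sample passwords are assumptions made for illustration, and the accepted values include Cassandra's `all` alongside the `dc` and `rack` options listed on this page.

```python
# Added example: audit encryption_options in cassandra.yaml (names are hypothetical).
# "dc" and "rack" are the options listed on this page; "all" and "none" are
# further Cassandra values for the same setting ("none" leaves traffic in clear).
ENCRYPTING = {"all", "dc", "rack"}
REQUIRED = ("keystore", "keystore_password", "truststore", "truststore_password")

def read_block(text, block="encryption_options"):
    """Return the key/value pairs nested under the top-level key `block`.
    Minimal indentation-based reader, not a full YAML parser."""
    opts, inside = {}, False
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():  # a top-level key opens or closes the block
            inside = line.strip() == block + ":"
        elif inside and ":" in line:
            key, value = line.strip().split(":", 1)
            opts[key.strip()] = value.strip().strip("'\"")
    return opts

def audit(text):
    """Return findings; an empty list means the block follows the steps above."""
    opts = read_block(text)
    if not opts:
        return ["no encryption_options block found"]
    findings = []
    mode = opts.get("internode_encryption", "")
    if mode not in ENCRYPTING:
        findings.append(f"internode_encryption is {mode!r}, expected one of {sorted(ENCRYPTING)}")
    findings += [f"{key} is not set" for key in REQUIRED if not opts.get(key)]
    if opts.get("require_client_auth", "").lower() != "true":
        findings.append("require_client_auth is not true: peer certificates are not required")
    return findings

# Constructed sample: a node left with encryption off and an empty password.
WEAK = """\
encryption_options:
    internode_encryption: none
    keystore: resources/dse/conf/.keystore
    keystore_password:
    truststore: resources/dse/conf/.truststore
    truststore_password: example-truststore-pass
    require_client_auth: false
"""
# The same block after following the steps above (constructed password value).
FIXED = (WEAK.replace("none", "dc").replace("false", "true")
         .replace("keystore_password:\n", "keystore_password: example-keystore-pass\n"))
```

Run `audit()` over the file contents collected from each node; any non-empty result names the setting that still has to be corrected on that node.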